AS-CRED: Reputation Service for Trustworthy Inter-domain Routing

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "AS-CRED: Reputation Service for Trustworthy Inter-domain Routing"

Transcription

1 AS-CRED: Reputation Service for Trustworthy Inter-domain Routing Krishna Venkatasubramanian Computer and Information Science University of Pennsylvania ONR MURI N Review Meeting June 10, 2010

2 Overview Border Gateway Protocol Problems with BGP AS-CRED Behavior Analysis Reputation Computation Alert Generation Performance Analysis Conclusion and Future Work 11/4/09 ONR MURI Review 2

3 Border Gateway Protocol AS X p = /8 R1 R2 Autonomous Systems Address prefix owned by ASX p ASX p ASX AS Y R3 BGP Update (Announcement) p ASX, ASY p ASX, ASY R4 BGP Update (Withdrawal) AS Z 11/4/09 ONR MURI Review 3

4 Problems: Inaccurate BGP Updates Announcement of IP prefixes not owned by ASX or are bogons AS X R1 R4 AS Z Persistent and well-known problem p ASX p= /8 R2 AS Y R3 p ASX, ASY Reasons for occurrence: Blocking Content YouTube was unavailable for about 1 hour when its Prefix was hijacked by Pakistan Telecom AS Spamming AS 8717, an ISP in Sofia, Bulgaria, originated announcements for /8 May due to malicious intent or misconfiguration Inaccurate Updates Well-known Incidences Prefix hijacked Victim AS Attacker AS Dates / April 8, / March 15, / (YouTube) Feb. 24, / (ebay) November 30, / Jan. 13, /8 NULL 8717 Dec Jan / Dec Jan /4/09 ONR MURI Review 4

5 Problems: Unnecessary BGP Updates Repeated announcement and withdrawal of IP prefixes owned by ASX, or illegal AS values in update message p AS X R1 R2 R3 R4 AS Z Persistent and NOT well-known problem Order of magnitude larger problem compared with prefix hijacking p ASX AS Y p ASX, ASY Principal suspected reason Misconfiguration of BGP router Unnecessary Updates Example: Prefix /24 announced and withdrawn 4824 times by AS37035 between Dec. 3, 2009 and Dec. 7, 2009, once every 1.5 minutes. Announcement of private AS numbers (e.g., AS65535) due to improper export policy filtering Prominent Incidences AS Prefix Dates RAW /24 Dec.3 Dec /24 Nov. 2 - Nov. 10, /30 Dec. 8 - Dec. 31, /24 Nov. 1 - Nov. 27, /4/09 ONR MURI Review 5

6 Feedback Approach Principal Question: How do we know if ASes are announcing valid updates? Update Validity: necessary and accurate Feedback Interaction Approach: Essentially a question of trust a subjective expectation on the behavior of an entity In this problem: Entity Autonomous Systems Behavior announcement of valid BGP updates Observation: ASes repeat their behaviors Past can be used to predict future Metric of choice: Reputation Phase I Evaluation of interaction Phase II f Reputation Function 11/4/09 ONR MURI Review 6

7 Goals Compute the reputation for Autonomous Systems in the Internet, by analyzing past BGP updates announced by them for their validity accuracy and necessity. Provide an alert service for tracking the subsequent announcement of potentially invalid BGP updates based on the computed reputation. Deploy as an publically available service for everyone to use. 11/4/09 ONR MURI Review 7

8 Traditional Approach BGP Update Invalidity Detection Prefix Hijacking Bogons Private AS Numbers Frequent Announcements and Withdrawals Control-plane Information Data-plane Probing Reputation Static Checking Karlin et. al 09 Qiu et. al 07 Lad et.al 04 Mahajan et. al 02 Xao et. al 02 X. Hu et. al 07 Zheng et. al 07 Zhang et. al 05 N. Hu et. al 07 Yu et. al 05 Implemented as a part of BGP route policy space Use Short-lived prefix announcements as basis for detection Consider them both malicious and misconfigured Provide alerts for potential hijacks Third-Party Feedback Dependent Requires Overlay Trust Network 11/4/09 ONR MURI Review 8

9 Traditional Approach BGP Update Invalidity Detection Control-plane Information Karlin et. al 09 Qiu et. al 07 Lad et.al 04 Mahajan et. al 02 Xao et. al 02 Prefix Hijacking X. Hu et. al 07 Zheng et. al 07 Zhang et. al 05 N. Hu et. al 07 Yu et. al 05 Bogons Private AS Numbers Principal Issues: Data-plane Probing No Non-necessity Reputation check Static Checking No quantitative modeling of AS behavior tendencies High False Positives Implemented as a part of BGP route policy space Frequent Announcements and Withdrawals Use Short-lived prefix announcements as basis for detection Consider them both malicious and misconfigured Provide alerts for potential hijacks Third-Party Feedback Dependent Requires Overlay Trust Network 11/4/09 ONR MURI Review 9

10 AS-CRED: Architecture BGP Activity Manager: Database for BGP updates Obtained from well-connected BGP data collectors AS-Behavior Analyzer: Analyzes the updates in BGP Activity Manager, based on a set of well-defined properties to detect invalidity The results of the analysis, is a feedback on the past behavior of ASes Reputation Manager: Computes the reputation of the ASes based on a well defined mathematical function Uses past behavior information in the form of feedback Reputation Portal: Once the AS reputations are computed it is made available through a web portal Alert Manager: Uses AS reputation, to trigger real-time alerts regarding potential invalidity of any new updates propagated within the Internet. AS-CRED Architecture 11/4/09 ONR MURI Review 10

11 Data Source: RouteViews Basically a group of BGP routers (AS 6447) peered with about 40 other ASes at crucial places Receives updates from the peers which it stores in its database without any filtering Maintains RIB dumping database: a prefix list with time-stamped information on origin and AS-path ASX 6447 ASY Route-Views does not originate any prefix or forward a received update message RIB dumping every two hours, update messages every 15 minutes Useful for analyzing past behaviors of ASes ASZ For every prefix visible to ASes X, Y and Z an entry exists in /4/09 ONR MURI Review 11

12 Behavior Analysis: Property I Observation: AS prefix bindings which are invalid usually last for a short period of time, i.e., they are unstable. M Length of Learning Window Aim: Detect AS-prefix bindings stability Need: Historical Information based analysis Analysis window (60 days learning window) Two complimentary metrics Prevalence percentage of learning window AS-prefix binding lasted Persistence average time an AS-prefix binding lasted M Time prefix (p) withdrawn by AS (M) Index of each announcement and withdrawal AS-prefix binding timeline Time prefix (p) announced by AS (M) 25% 15 % 25% Learning window = 60 days Total number of announcements and withdrawals Pr = 65%; Ps = ( )*60/3 = 13 days 11/4/09 ONR MURI Review 12

13 Property II & Feedback Initial Classification Prevalence Persistence Feedback Entry format AS prefix Timestamp of announcement Hi Hi Good Hi Lo Bad (Unnecessary) Ugly Lo Hi Good Lo Lo Ugly (Inaccurate) Feedback Type Bad Good Refinement Past Ownership and AS_PATH AS X Ownership of Prefix P AS X ownership of Prefix P Good Ugly P P Refinement 1 Bad AS X AS X AS U AS W AS W prefix P AS Y prefix P Refinement 2 Good Bad Ugly Current Ownership and AS_PATH 11/4/09 ONR MURI Review 13

14 Stability Threshold Feedback results in three sets: Good, Bad and Ugly Threshold needed to determine: What is Hi and Lo? Generated based on comparison with Internet Route Registries (IRR), the closest source to ground truth available Compare False Positive: entries in IRR found in Ugly set False Negative: entries not in IRR found in Good and Bad set Choosing Thresholds Value of choice: T Pr = 1% and T Ps = 10 hours 11/4/09 ONR MURI Review 14

15 Behavior Analysis: Property II Observation: BGP updates contain illegal values for ASes and the prefixes they announce Legal AS numbers Illegal AS numbers Illegal AS numbers: Example, those in the range of: , r X Y Z Bogons: Set of yet to be allocated prefixes receiver blamed announcer Feedback: Illegal AS numbers: First AS in the AS-PATH with a legitimate value blamed Update considered Unnecessary Bogons: The announcer is blamed Update considered Inaccurate r receiver Illegal AS Number X Y Bogon Announcement blamed Z Bogon announcer 11/4/09 ONR MURI Review 15

16 Reputation Computation AS-CRED computes untrustworthiness of ASes in announcing valid updates Reputation of an AS is computed based on Bad and Ugly feedback only Time-decay function Uses a time-decay function where X is either B or U h X is a half-life of behavior X t now is the current time t i is the feedback timestamp: Two reputation values created for each AS RepU characterizes an As s past inaccurate update announcement RepB - characterizes an As s past unnecessary update announcement t now Half-life: time by which the weight of the reputation of an AS is halved Set based on by when 75% of the ASes repeat their invalid updates Values: h U = 3 days, h B = 6 days t i 11/4/09 ONR MURI Review 16

17 Alert Generation Process Three Steps Process White-List Filtering: When a new update is received, we first checks to see if its corresponding AS-prefix binding (a, p) is in our white-list (G set) Initial State RepU of all ASes Good (White-List) Ugly Bad RepB of all ASes Alert Generation: If (a, p) are not in the white-list, we post an potential invalid Alert 2 Fetch Update 1 Search Good (White-List) Found Relabeling: Label updated to Unnecessary, if RepB(a) is poor or RepU(a) is poor with p p such that (a, p ) is in the white-list. Label updated to Inaccurate, if RepU(a) is poor with no p p such that (a, p ) is in the white-list T U RepU Alert: Inaccurate T B NOT Found Alert: Potential Invalid RepB + Refinement 1 Alert: Unnecessary Alert Generation 11/4/09 ONR MURI Review 17

18 Behavior Analysis (Nov 1, 09- Dec 30, 09) Property I: Unnecessary repeated updates far outnumber prefix hijackings or updates with illegal AS numbers Updates for prefix hijacking and illegal AS numbers instances are similar in scale Entries in the U set are exclusively prefix hijacking instances Property II: updates affected by illegal AS numbers leading to penalization of 134 ASes Zero instances of Bogons Repetitive poor behavior displayed, makes reputation a good metric for trust establishment Shows Number of entries in B and U set after the learning window. 11/4/09 ONR MURI Review 18

19 Behavior Analysis (Nov 1, 09- Dec 30, 09) Property I: Unnecessary repeated updates far outnumber prefix hijackings or updates with illegal AS numbers Updates for prefix hijacking and illegal AS numbers instances are similar in scale Entries in the U set are exclusively prefix hijacking instances Property II: updates affected by illegal AS numbers leading to penalization of 134 ASes Zero instances of Bogons Observation: Unnecessary updates a bigger problem in inter-domain routing compared to updates with Inaccurate information Repetitive poor behavior displayed, makes reputation a good metric for trust establishment Shows Number of entries in B and U set after the learning window. 11/4/09 ONR MURI Review 19

20 Quality of Behavior Analysis Inaccurate Updates U set stores instances of inaccurate updates prefix hijacking Inaccurate updates detected compared with Internet Alert Registry w.r.t. IRR 4 fold improvement in False Positives Unnecessary Updates B set stores instances of Unnecessary updates Unnecessary updates from repeated announcements and withdrawals were 92% legitimate AS-prefix bindings (based on Internet Route Registry) Announced 42 times more often than Good AS-prefix bindings False Positive Scheme No Record IRR Match No IRR Match AS-CRED 841 (13.7%) 975 (18.4%) 4323 (81.6%) IAR 4190 (10.7%) (74.4%) 8903 (25.6%) # Announcements and Withdrawals Hijack Behavior Analysis (Nov 1- Dec 30) Vs. IAR w.r.t. IRR AS Prefix NAW Duration Observed / Nov 2-10, / Dec 8 31, / Nov 1-27, 2009 Prominent Examples of Unnecessary Updates 11/4/09 ONR MURI Review 20

21 Behavior Analysis Overall Statistics Prefix Statistics Property Value Prefixes Observed SOAS Prefix Observed MOAS Prefix Observed 9750 AS Statistics Property Value AS Observed AS announcing Unnecessary Updates 1568 (4.6%) AS announcing Inaccurate Updates 693 (2.0%) AS exclusively announcing Unnecessary Updates 79 AS exclusively announcing Inaccurate Updates 89 AS-Prefix Binding Classification Property Value Behavior Incidences Statistics Total AS-Prefix Bindings AS-Prefix Bindings in Inaccurate Updates 6139 AS-Prefix Bindings in Unnecessary Updates Property Value Number of Inaccurate Updates Number of Unnecessary Updates /4/09 ONR MURI Review 21

22 Reputation Analysis AS-CRED Reputation characterizes the current perpetrators of invalid updates announcement: ZERO reputation is considered good behavior 693 ASes have RepU > ASes have RepB > 0 90% of ASes with poor behavior have reputation close to ZERO ASes show repetitive behaviors Most ASes are good, very few ASes demonstrate repeated poor behaviors AS-CRED is sensitive in detecting even announcers of one-off invalid updates Reputation of ASes on Jan 1, 2010 Bottom 5 Ases by Reputation on Jan 1, /4/09 ONR MURI Review 22

23 Alert Consistency Given AS reputation, newly received updates received over Jan 1, 2010 Jan 10, 2010 are be evaluated Updates not seen in white-list classified as unnecessary or inaccurate based on reputation of announcing AS Sets IT - stores all inaccurate updates NN - stores all unnecessary updates We use 60 day consistency check window (Nov 20, 2009-Jan 20, 2010) to: Determine if the prediction was accurate Based on behavior analysis Classification Count Total NN set entries 3546 NN set entries classified in G set 71 (2.5%) NN set entries classified in B set 2591 (97.4%) NN set entries classified in U set 3 (0.1%) Total IT set entries 625 IT set entries classified in G set 7 (0.2%) IT set entries classified in B set 0 (0%) IT set entries classified in U set 618 (98.8%) 11/4/09 ONR MURI Review 23

24 Alert Accuracy For updates deemed inaccurate: AS-CRED detects prefix hijacking in two places: Behavior analysis to populate U set Alert generation when RepU is used to determine if update is a hijack Behavior Analysis shown to be accurate Compared the alert results with Internet Alert Registry and IRR (comparative ground-truth) 8 fold improvement in False Positives False Positive Hijack For updates deemed unnecessary : 88% of the associated AS-prefix binding found in IRR Average NAW 26 with the maximum 4492 Contrast for AS-prefix binding in Good set (Avg. NAW ~ 1) Scheme No Record IRR Match No IRR Match AS-CRED 112 (18.1%) 42(8.3%) 465 (91.7%) IAR 413 (11.2%) 2437(75.4%) 798 (24.6%) Alert Generation (Jan 1-Jan 10) vs. IAR w.r.t. IRR 11/4/09 ONR MURI Review 24

25 AS-CRED Service Screenshot Bottom 5 ASes by Reputation Past Reputation Trend for an AS Reputation-based Update Alert 11/4/09 ONR MURI Review 25

26 Conclusions & Future Work Conclusions: Repetitive Behavior: ASes which announce invalid updates do so repeatedly, which makes reputation a good metric to characterize them Large number of Unnecessary Updates: The number of unnecessary updates with poor stability far outnumber the inaccurate ones and those with illegal values Sensitivity: The reputation metric is very sensitive and can capture ASes which seldom announce invalid updates Improved Hijack Detection: The AS-behavior analysis and alert service are much more accurate than existing services (such as the IAR) for detecting prex hijacking Consistency of Analysis and Reputation: The reputation assigned to an AS is a representative and behavior predictive value. Future Work: Extend this work by including other properties for determining an AS' tendency to announce valid updates, such as presence of valley-free path and stable links in the AS-PATH. 11/4/09 ONR MURI Review 26

27 Thank You & Questions 11/4/09 ONR MURI Review 27 27

AS-CRED: Reputation and Alert Service for Inter- Domain Routing

AS-CRED: Reputation and Alert Service for Inter- Domain Routing University of Pennsylvania ScholarlyCommons Departmental Papers (CIS) Department of Computer & Information Science 9-2013 AS-CRED: Reputation and Alert Service for Inter- Domain Routing Jian Chang OpenX,

More information

AS-TRUST: A Trust Quantification Scheme for Autonomous Systems in BGP

AS-TRUST: A Trust Quantification Scheme for Autonomous Systems in BGP University of Pennsylvania ScholarlyCommons Departmental Papers (CIS) Department of Computer & Information Science 6-2011 AS-TRUST: A Trust Quantification Scheme for Autonomous Systems in BGP Jian Chang

More information

MANRS Mutually Agreed Norms for Routing Security

MANRS Mutually Agreed Norms for Routing Security 27 March 2018 MANRS Mutually Agreed Norms for Routing Security Kevin Meynell meynell@isoc.org Presentation title Client name Internet Society 1992 2016 1 The Problem A Routing Security Overview 2 The Basics:

More information

Inter-domain Routing(BGP) Security [IP Prefix Hijacking] Akmal Khan

Inter-domain Routing(BGP) Security [IP Prefix Hijacking] Akmal Khan Inter-domain Routing(BGP) Security [IP Hijacking] Akmal Khan [raoakhan@mmlab.snu.ac.kr] 4-15-2010 2 Outline Introduction Types of IP Hijacking Internet Routing Data Sources Tools of the Trade Past Research

More information

On the Impact of Route Processing and MRAI Timers on BGP Convergence Times

On the Impact of Route Processing and MRAI Timers on BGP Convergence Times On the Impact of Route Processing and MRAI Timers on BGP Convergence Times Shivani Deshpande and Biplab Sikdar Department of ECSE, Rensselaer Polytechnic Institute, Troy, NY 12180 Abstract Fast convergence

More information

CNT Computer and Network Security: BGP Security

CNT Computer and Network Security: BGP Security CNT 5410 - Computer and Network Security: BGP Security Professor Kevin Butler Fall 2015 Internet inter-as routing: BGP BGP (Border Gateway Protocol): the de facto standard BGP provides each AS a means

More information

Evaluation of Prefix Hijacking Impact Based on Hinge-Transmit Property of BGP Routing System

Evaluation of Prefix Hijacking Impact Based on Hinge-Transmit Property of BGP Routing System Evaluation of Prefix Hijacking Impact Based on Hinge-Transmit Property of BGP Routing System Evaluation of Prefix Hijacking Impact Based on Hinge-Transmit Property of BGP Routing System School of Computer,

More information

On the State of the Inter-domain and Intra-domain Routing Security

On the State of the Inter-domain and Intra-domain Routing Security On the State of the Inter-domain and Intra-domain Routing Security Mingwei Zhang April 19, 2016 Mingwei Zhang Internet Routing Security 1 / 54 Section Internet Routing Security Background Internet Routing

More information

Dynamics of Hot-Potato Routing in IP Networks

Dynamics of Hot-Potato Routing in IP Networks Dynamics of Hot-Potato Routing in IP Networks Jennifer Rexford AT&T Labs Research http://www.research.att.com/~jrex Joint work with Renata Teixeira (UCSD), Aman Shaikh (AT&T), and Timothy Griffin (Intel)

More information

The Impact of Router Outages on the AS-Level Internet

The Impact of Router Outages on the AS-Level Internet The Impact of Router Outages on the AS-Level Internet Matthew Luckie* - University of Waikato Robert Beverly - Naval Postgraduate School *work started while at CAIDA, UC San Diego SIGCOMM 2017, August

More information

Autonomous Security for Autonomous Systems

Autonomous Security for Autonomous Systems Autonomous Security for Autonomous Systems Josh Karlin, Stephanie Forrest, and Jennifer Rexford Abstract The Internet s interdomain routing protocol, BGP, supports a complex network of Autonomous Systems

More information

the real-time Internet routing observatory

the real-time Internet routing observatory the real-time Internet routing observatory Alessandro Improta alessandro.improta@iit.cnr.it Luca Sani luca.sani@iit.cnr.it VSIX Meeting, May 10, 2017 - Padova Our research interest: the Internet AS-level

More information

the real-time Internet routing observatory Luca Sani

the real-time Internet routing observatory Luca Sani the real-time Internet routing observatory Luca Sani 1 / 24 Our research topic: discovering the Internet structure Everyone knows the role of the Internet in our society, but since its commercialization

More information

On the Characteristics of BGP Multiple Origin AS Conflicts

On the Characteristics of BGP Multiple Origin AS Conflicts 1 On the Characteristics of BGP Multiple Origin AS Conflicts Kwan-Wu Chin School of Electrical, Computer and Telecommunications Engineering University of Wollongong Northfields Avenue, NSW, Australia kwanwu@uow.edu.au

More information

CSE 461 Interdomain routing. David Wetherall

CSE 461 Interdomain routing. David Wetherall CSE 461 Interdomain routing David Wetherall djw@cs.washington.edu Interdomain routing Focus: Routing across internetworks made up of different parties Route scaling Application Route policy Transport The

More information

The Spoofer Project Inferring the Extent of Source Address Filtering on the Internet

The Spoofer Project Inferring the Extent of Source Address Filtering on the Internet The Spoofer Project Inferring the Extent of Source Address Filtering on the Internet Rob Beverly and Steve Bauer {rbeverly,bauer}@mit.edu The Spoofer Project Goal: Quantify the extent and nature of source

More information

The Transition to BGP Security Is the Juice Worth the Squeeze?

The Transition to BGP Security Is the Juice Worth the Squeeze? The Transition to BGP Security Is the Juice Worth the Squeeze? RPKI Sharon Goldberg Boston University November 2013 Work with Kyle Brogle (Stanford), Danny Cooper (BU), Ethan Heilman (BU), Robert Lychev

More information

BGP Techniques for ISP. Terutaka Komorizono

BGP Techniques for ISP. Terutaka Komorizono BGP Techniques for ISP Terutaka Komorizono Introduction Presentation has many configuration examples Using Cisco IOS CLI Aimed at Service Providers Techniques can be used by many enterprises

More information

Auto-Detecting Hijacked Prefixes?

Auto-Detecting Hijacked Prefixes? Auto-Detecting Hijacked Prefixes? Geoff Huston APNIC @RIPE 50 May 2005 1 Address Hijacking Is the unauthorized use of an address prefix as an advertised route object on the Internet It s not a bogon the

More information

BGPMON.IO: THE MANY NEW FACES OF BGPMON

BGPMON.IO: THE MANY NEW FACES OF BGPMON BGPMON.IO: THE MANY NEW FACES OF BGPMON Colorado State University Spiros Thanasoulas and Christos Papadopoulos NANOG 69, Feb 6-8 2017, Washington DC Work supported by NSF #CNS1305404, DHS #D15PC00205,

More information

CSCI-1680 Network Layer: Inter-domain Routing Rodrigo Fonseca

CSCI-1680 Network Layer: Inter-domain Routing Rodrigo Fonseca CSCI-1680 Network Layer: Inter-domain Routing Rodrigo Fonseca Based partly on lecture notes by Rob Sherwood, David Mazières, Phil Levis, John Janno? Today Last time: Intra-Domain Routing (IGP) RIP distance

More information

A FRAMEWORK FOR DEFENDING AGAINST PREFIX HIJACK ATTACKS. A Thesis KRISHNA CHAITANYA TADI

A FRAMEWORK FOR DEFENDING AGAINST PREFIX HIJACK ATTACKS. A Thesis KRISHNA CHAITANYA TADI A FRAMEWORK FOR DEFENDING AGAINST PREFIX HIJACK ATTACKS A Thesis by KRISHNA CHAITANYA TADI Submitted to the Office of Graduate Studies of Texas A&M University in partial fulfillment of the requirements

More information

Demystifying the IP Blackspace

Demystifying the IP Blackspace Demystifying the IP Blackspace Quentin Jacquemart 1, Pierre-Antoine Vervier 2, Guillaume Urvoy-Keller 3, and Ernst Biersack 4 1 Eurecom, Sophia Antipolis quentin.jacquemart@eurecom.fr 2 Symantec Research

More information

Protecting BGP from Invalid Paths

Protecting BGP from Invalid Paths Protecting BGP from Invalid Paths Josh Karlin University of New Mexico karlinjf@cs.unm.edu Stephanie Forrest University of New Mexico Santa Fe Institute forrest@cs.unm.edu Jennifer Rexford Princeton University

More information

Auto-Detecting Hijacked Prefixes?

Auto-Detecting Hijacked Prefixes? Auto-Detecting Hijacked Prefixes? Routing SIG 7 Sep 2005 APNIC20, Hanoi, Vietnam Geoff Huston 1 Address hijacking unauthorized use of an address prefix as an advertised route object on the Internet Not

More information

Timer Interaction in Route Flap Damping

Timer Interaction in Route Flap Damping Timer Interaction in Route Flap Damping Beichuan Zhang, Dan Pei, Lixia Zhang #UCLA$ Daniel Massey #Colorado State$ June, 2005 1 This Talk Route Flap Damping is a key mechanism in BGP to maintain global

More information

This article appeared in a journal published by Elsevier. The attached copy is furnished to the author for internal non-commercial research and

This article appeared in a journal published by Elsevier. The attached copy is furnished to the author for internal non-commercial research and This article appeared in a journal published by Elsevier. The attached copy is furnished to the author for internal non-commercial research and education use, including for instruction at the authors institution

More information

Securing BGP: The current state of RPKI. Geoff Huston Chief Scientist, APNIC

Securing BGP: The current state of RPKI. Geoff Huston Chief Scientist, APNIC Securing BGP: The current state of RPKI Geoff Huston Chief Scientist, APNIC Incidents What happens when I announce your addresses in BGP? All the traffic that used to go to you will now come to me I can

More information

THE INTERNET S inter-domain routing protocol, the

THE INTERNET S inter-domain routing protocol, the IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS, VOL. 28, NO. 8, OCTOBER 2010 1271 A Technique for Reducing BGP Update Announcements through Path Exploration Damping Geoff Huston, Mattia Rossi, and Grenville

More information

Introduction to BGP. ISP Workshops. Last updated 30 October 2013

Introduction to BGP. ISP Workshops. Last updated 30 October 2013 Introduction to BGP ISP Workshops Last updated 30 October 2013 1 Border Gateway Protocol p A Routing Protocol used to exchange routing information between different networks n Exterior gateway protocol

More information

An Expectation-Based Approach to Policy-Based Security of the Border Gateway Protocol

An Expectation-Based Approach to Policy-Based Security of the Border Gateway Protocol 2016 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS): GI 2016: 9th IEEE Global Internet Symposium An Expectation-Based Approach to Policy-Based Security of the Border Gateway Protocol

More information

Lecture 4: Intradomain Routing. CS 598: Advanced Internetworking Matthew Caesar February 1, 2011

Lecture 4: Intradomain Routing. CS 598: Advanced Internetworking Matthew Caesar February 1, 2011 Lecture 4: Intradomain Routing CS 598: Advanced Internetworking Matthew Caesar February 1, 011 1 Robert. How can routers find paths? Robert s local DNS server 10.1.8.7 A 10.1.0.0/16 10.1.0.1 Routing Table

More information

Pretty Good BGP: Improving BGP by Cautiously Adopting Routes

Pretty Good BGP: Improving BGP by Cautiously Adopting Routes Pretty Good BGP: Improving BGP by Cautiously Adopting Routes Josh Karlin University of New Mexico karlinjf@cs.unm.edu Stephanie Forrest University of New Mexico Santa Fe Institute forrest@cs.unm.edu Jennifer

More information

BGP Configuration for a Transit ISP

BGP Configuration for a Transit ISP BGP Configuration for a Transit ISP ISP Workshops Last updated 24 April 2013 1 Definitions p Transit carrying traffic across a network, usually for a fee n traffic and prefixes originating from one AS

More information

CS 640: Introduction to Computer Networks. Intra-domain routing. Inter-domain Routing: Hierarchy. Aditya Akella

CS 640: Introduction to Computer Networks. Intra-domain routing. Inter-domain Routing: Hierarchy. Aditya Akella CS 640: Introduction to Computer Networks Aditya Akella Lecture 11 - Inter-Domain Routing - BGP (Border Gateway Protocol) Intra-domain routing The Story So Far Routing protocols generate the forwarding

More information

Towards A Practical and Effective BGP Defense System

Towards A Practical and Effective BGP Defense System Towards A Practical and Effective BGP Defense System Douglas Comer, Parmjeet Singh, and Subramanian Vasudevan Abstract At the center of the Internet, major ISPs use the Border Gateway Protocol (BGP) to

More information

Descartes BGP: A Conflict Detection and Response Framework for Inter-Domain Routing

Descartes BGP: A Conflict Detection and Response Framework for Inter-Domain Routing Descartes BGP: A Conflict Detection and Response Framework for Inter-Domain Routing 1 Abstract We present Descartes BGP (D-BGP), a fault detection and response framework that enhances the robustness, security,

More information

Quantifying Path Exploration in the Internet

Quantifying Path Exploration in the Internet IEEE/ACM TRANSACTIONS ON NETWORKING, VOL. 17, NO. 2, APRIL 2009 445 Quantifying Path Exploration in the Internet Ricardo Oliveira, Member, IEEE, Beichuan Zhang, Dan Pei, and Lixia Zhang Abstract Previous

More information

Introduction to BGP ISP/IXP Workshops

Introduction to BGP ISP/IXP Workshops Introduction to BGP ISP/IXP Workshops 1 Border Gateway Protocol Routing Protocol used to exchange routing information between networks exterior gateway protocol RFC1771 work in progress to update draft-ietf-idr-bgp4-18.txt

More information

Internet inter-as routing: BGP

Internet inter-as routing: BGP Internet inter-as routing: BGP BGP (Border Gateway Protocol): the de facto standard BGP provides each AS a means to: 1. Obtain subnet reachability information from neighboring ASs. 2. Propagate the reachability

More information

Next Lecture: Interdomain Routing : Computer Networking. Outline. Routing Hierarchies BGP

Next Lecture: Interdomain Routing : Computer Networking. Outline. Routing Hierarchies BGP Next Lecture: Interdomain Routing BGP 15-744: Computer Networking L-3 BGP Assigned Reading MIT BGP Class Notes [Gao00] On Inferring Autonomous System Relationships in the Internet Ooops 2 Outline Need

More information

Quantifying Path Exploration in the Internet

Quantifying Path Exploration in the Internet Quantifying Path Exploration in the Internet Ricardo Oliveira Beichuan Zhang Dan Pei Lixia Zhang {rveloso,lixia}@cs.ucla.edu bzhang@cs.arizona.edu peidan@research.att.com University of California, Los

More information

Introduction to BGP. ISP/IXP Workshops

Introduction to BGP. ISP/IXP Workshops Introduction to BGP ISP/IXP Workshops 1 Border Gateway Protocol A Routing Protocol used to exchange routing information between different networks Exterior gateway protocol Described in RFC4271 RFC4276

More information

Inter-Domain Routing: BGP

Inter-Domain Routing: BGP Inter-Domain Routing: BGP Richard T. B. Ma School of Computing National University of Singapore CS 3103: Compute Networks and Protocols Inter-Domain Routing Internet is a network of networks Hierarchy

More information

Implementation of BGP in a Network Simulator

Implementation of BGP in a Network Simulator Implementation of BGP in a Network Simulator Tony Dongliang Feng Rob Ballantyne Ljiljana Trajković Communication Networks Laboratory http://www.ensc.sfu.ca/cnl Simon Fraser University Road map Introduction

More information

MANRS Mutually Agreed Norms for Routing Security

MANRS Mutually Agreed Norms for Routing Security December 2017 MANRS Mutually Agreed Norms for Routing Security Andrei Robachevsky robachevsky@isoc.org Presentation title Client name 1 Internet Society 1992 2016 The Problem A Routing Security Primer

More information

On the Evaluation of AS Relationship Inferences

On the Evaluation of AS Relationship Inferences On the Evaluation of AS Relationship Inferences Jianhong Xia Department of Electrical and Computer Engineering University of Massachusetts Amherst, MA 01002 jxia@ecs.umass.edu Lixin Gao Department of Electrical

More information

This appendix contains supplementary Border Gateway Protocol (BGP) information and covers the following topics:

This appendix contains supplementary Border Gateway Protocol (BGP) information and covers the following topics: Appendix C BGP Supplement This appendix contains supplementary Border Gateway Protocol (BGP) information and covers the following topics: BGP Route Summarization Redistribution with IGPs Communities Route

More information

A Measurement Study on the Impact of Routing Events on End-to-End Internet Path Performance

A Measurement Study on the Impact of Routing Events on End-to-End Internet Path Performance A Measurement Study on the Impact of Routing Events on End-to-End Internet Path Performance Feng Wang University of Mass., Amherst fewang@ecs.umass.edu Zhuoqing Morley Mao University of Michigan zmao@eecs.umich.edu

More information

CS 457 Networking and the Internet. The Global Internet (Then) The Global Internet (And Now) 10/4/16. Fall 2016

CS 457 Networking and the Internet. The Global Internet (Then) The Global Internet (And Now) 10/4/16. Fall 2016 CS 457 Networking and the Internet Fall 2016 The Global Internet (Then) The tree structure of the Internet in 1990 The Global Internet (And Now) A simple multi-provider Internet 1 The Global Internet Some

More information

EULER Project Path-Vector Routing Stability Analysis

EULER Project Path-Vector Routing Stability Analysis EULER Project Path-Vector Routing Stability Analysis Florin Coras, Albert Lopez, Albert Cabellos UPC Dimitri Papadimitriou Alcatel-Lucent Introduction BGP Inter-domain routing protocol used in the Internet

More information

BGP Protocol & Configuration. Scalable Infrastructure Workshop AfNOG2008

BGP Protocol & Configuration. Scalable Infrastructure Workshop AfNOG2008 BGP Protocol & Configuration Scalable Infrastructure Workshop AfNOG2008 Border Gateway Protocol (BGP4) Case Study 1, Exercise 1: Single upstream Part 6: BGP Protocol Basics Part 7: BGP Protocol - more

More information

A framework for BGP data analysis

A framework for BGP data analysis A framework for BGP data analysis Alberto Dainotti, Alistair King, Chiara Orsini, Vasco Asturiano chiara@caida.org BGPSTREAM A software framework for the historical analysis and real-time monitoring BGP

More information

BGP in the Internet Best Current Practices

BGP in the Internet Best Current Practices BGP in the Internet Best Current Practices 1 Recommended IOS Releases Which IOS?? 2 Which IOS? IOS is a feature rich and highly complex router control system ISPs should choose the IOS variant which is

More information

CS 268: Computer Networking. Next Lecture: Interdomain Routing

CS 268: Computer Networking. Next Lecture: Interdomain Routing CS 268: Computer Networking L-3 BGP Next Lecture: Interdomain Routing BGP Assigned Reading MIT BGP Class Notes [Gao00] On Inferring Autonomous System Relationships in the Internet 2 Outline Need for hierarchical

More information

Inter-domain Routing. Outline. Border Gateway Protocol

Inter-domain Routing. Outline. Border Gateway Protocol Inter-domain Routing Outline Border Gateway Protocol Internet Structure Original idea CS 640 2 Internet Structure Today CS 640 3 Route Propagation in the Internet Autonomous System (AS) corresponds to

More information

IRR Analysis Service

IRR Analysis Service UNIVERSITÀ DEGLI STUDI ROMA TRE Dipartimento di Informatica e Automazione IRR Analysis Service Massimo Rimondini Tiziana Refice RIPE 53 Meeting 2 October 2006 Amsterdam, The Netherlands UNIVERSITÀ DEGLI

More information

CS 204: BGP. Jiasi Chen Lectures: MWF 12:10-1pm Humanities and Social Sciences

CS 204: BGP. Jiasi Chen Lectures: MWF 12:10-1pm Humanities and Social Sciences CS 204: BGP Jiasi Chen Lectures: MWF 12:10-1pm Humanities and Social Sciences 1403 http://www.cs.ucr.edu/~jiasi/teaching/cs204_spring17/ 1 Overview AS relationships Inter-AS routing BGP Example Paper discussion

More information

On the Characteristics of BGP Routes

On the Characteristics of BGP Routes On the Characteristics of BGP Routes Julien Clément and Kwan-Wu Chin School of Electrical, Computer and Telecommunications Engineering University of Wollongong Northfields Ave, NSW, Australia 2522 {jyc157,

More information

Protecting DNS from Routing Attacks -Two Alternative Anycast Implementations

Protecting DNS from Routing Attacks -Two Alternative Anycast Implementations Protecting DNS from Routing Attacks -Two Alternative Anycast Implementations Boran Qian StudentID 317715 Abstract The Domain Names System (DNS) is an important role of internet infrastructure and supporting

More information

network security cs642 computer security adam everspaugh

network security cs642 computer security adam everspaugh network security cs642 computer security adam everspaugh ace@cs.wisc.edu today Reminder: HW3 due in one week: April 18, 2016 CIDR addressing Border Gateway Protocol Network reconnaissance via nmap Idle

More information

A Technique for Reducing BGP Update Announcements through Path Exploration Damping

A Technique for Reducing BGP Update Announcements through Path Exploration Damping A Technique for Reducing BGP Update Announcements through Path Exploration Damping Geoff Huston, Mattia Rossi, Grenville Armitage mrossi@swin.edu.au Centre for Advanced Internet Architectures (CAIA) Swinburne

More information

Spam Mitigation using Spatio temporal Reputations from Blacklist History*

Spam Mitigation using Spatio temporal Reputations from Blacklist History* Spam Mitigation using Spatio temporal Reputations from Blacklist History* A.G. West, A.J. Aviv, J. Chang, and I. Lee ACSAC `10 December 9, 2010 * Note that for conciseness, this version omits the animation

More information

Routing Security Security Solutions

Routing Security Security Solutions Routing Security Security Solutions CSE598K/CSE545 - Advanced Network Security Prof. McDaniel - Spring 2008 Page 1 Solving BGP Security Reality: most attempts at securing BGP have been at the local level

More information

Toward Valley-Free Inter-domain Routing

Toward Valley-Free Inter-domain Routing Toward Valley-Free Inter-domain Routing Sophie Y. Qiu, Patrick D. McDaniel, and Fabian Monrose Dept. of CS, Johns Hopkins University Dept. of CSE, Pennsylvania State University {yuqiu,fabian}@cs.jhu.edu

More information

COMP/ELEC 429 Introduction to Computer Networks

COMP/ELEC 429 Introduction to Computer Networks COMP/ELEC 429 Introduction to Computer Networks Lecture 11: Inter-domain routing Slides used with permissions from Edward W. Knightly, T. S. Eugene Ng, Ion Stoica, Hui Zhang T. S. Eugene Ng eugeneng at

More information

The (in)completeness of the Observed Internet AS-level Structure

The (in)completeness of the Observed Internet AS-level Structure The (in)completeness of the Observed Internet AS-level Structure Ricardo Oliveira Dan Pei Walter Willinger Beichuan Zhang Lixia Zhang {rveloso,lixia}@cs.ucla.edu {peidan,walter}@research.att.com bzhang@arizona.edu

More information

bgpand - Architecting a modular BGP4 Attack & Anomalies Detection Platform

bgpand - Architecting a modular BGP4 Attack & Anomalies Detection Platform bgpand - Architecting a modular BGP4 Attack & Anomalies Detection Platform Mayank Bhatnagar TechMahindra Limited, SDF B-1, NSEZ, Noida-201305, India E-mail : mayank.bhatnagar2@techmahindra.com Abstract

More information

APNIC Trial of Certification of IP Addresses and ASes

APNIC Trial of Certification of IP Addresses and ASes APNIC Trial of Certification of IP Addresses and ASes RIPE 52 Plenary George Michaelson Geoff Huston Motivation: Address and Routing Security What we have today is a relatively insecure system that is

More information

Detecting Internet Traffic Interception based on Route Hijacking

Detecting Internet Traffic Interception based on Route Hijacking Detecting Internet Traffic Interception based on Route Hijacking Alberto Dainotti alberto@caida.org Center for Applied Internet Data Analysis University of California, San Diego Joint work with: Pavlos

More information

Quantifying Path Exploration in the Internet

Quantifying Path Exploration in the Internet Quantifying Path Exploration in the Internet Ricardo Oliveira rveloso@cs.ucla.edu Beichuan Zhang bzhang@cs.arizona.edu Rafit Izhak-Ratzin rafiti@cs.ucla.edu Lixia Zhang lixia@cs.ucla.edu Dan Pei peidan@research.att.com

More information

Configuring Advanced BGP

Configuring Advanced BGP CHAPTER 6 This chapter describes how to configure advanced features of the Border Gateway Protocol (BGP) on the Cisco NX-OS switch. This chapter includes the following sections: Information About Advanced

More information

The BGP Visibility Scanner

The BGP Visibility Scanner The BGP Visibility Scanner Andra Lutu 1,2, Marcelo Bagnulo 2 and Olaf Maennel 3 Institute IMDEA Networks 1, University Carlos III Madrid 2, Loughborough University 3 Problem Statement } The routing preferences

More information

Detecting routing anomalies using RIPE Atlas

Detecting routing anomalies using RIPE Atlas Detecting routing anomalies using RIPE Atlas Todor Yakimov Graduate School of Informatics University of Amsterdam Wednesday, February 5, 2014 Todor Yakimov (UvA) Detecting routing anomalies using RIPE

More information

ELEC / COMP 177 Fall Some slides from Kurose and Ross, Computer Networking, 5 th Edition

ELEC / COMP 177 Fall Some slides from Kurose and Ross, Computer Networking, 5 th Edition ELEC / COMP 177 Fall 2010 Some slides from Kurose and Ross, Computer Networking, 5 th Edition Project #2 Due Thursday, Nov 10 th Homework #5 Due Thursday, Nov 17 th Later this semester: Homework #6 - Presentation

More information

Network Security - ISA 656 Routing Security

Network Security - ISA 656 Routing Security Network Security - ISA 656 Angelos Stavrou December 4, 2007 What is? What is Routing Security? History of Routing Security Why So Little Work? How is it Different? The Enemy s Goal? Bad guys play games

More information

Methods for Detection and Mitigation of BGP Route Leaks

Methods for Detection and Mitigation of BGP Route Leaks Methods for Detection and Mitigation of BGP Route Leaks ietf-idr-route-leak-detection-mitigation-00 (Route leak definition: draft-ietf-grow-route-leak-problem-definition) K. Sriram, D. Montgomery, and

More information

A SUBSYSTEM FOR FAST (IP) FLUX BOTNET DETECTION

A SUBSYSTEM FOR FAST (IP) FLUX BOTNET DETECTION Chapter 6 A SUBSYSTEM FOR FAST (IP) FLUX BOTNET DETECTION 6.1 Introduction 6.1.1 Motivation Content Distribution Networks (CDNs) and Round-Robin DNS (RRDNS) are the two standard methods used for resource

More information

Locating Prefix Hijackers using LOCK

Locating Prefix Hijackers using LOCK Locating Prefix ijackers using LOCK Tongqing Qiu Georgia Tech tongqqiu@cc.gatech.edu Jia Wang AT&T Labs Research jiawang@research.att.com Lusheng Ji AT&T Labs Research lji@research.att.com Jun (Jim) Xu

More information

Illegitimate Source IP Addresses At Internet Exchange Points

Illegitimate Source IP Addresses At Internet Exchange Points Illegitimate Source IP Addresses At Internet Exchange Points @ DENOG8, Darmstadt Franziska Lichtblau, Florian Streibelt, Philipp Richter, Anja Feldmann 23.11.2016 Internet Network Architectures, TU Berlin

More information

SpamTracer: How Stealthy Are Spammers?

SpamTracer: How Stealthy Are Spammers? SpamTracer: How Stealthy Are Spammers? Pierre-Antoine Vervier Eurecom Sophia Antipolis, France Pierre-Antoine.Vervier@eurecom.fr Olivier Thonnard Symantec Research Labs Sophia Antipolis, France Olivier

More information

Distributed Denial of Service (DDoS)

Distributed Denial of Service (DDoS) Distributed Denial of Service (DDoS) Defending against Flooding-Based DDoS Attacks: A Tutorial Rocky K. C. Chang Presented by Adwait Belsare (adwait@wpi.edu) Suvesh Pratapa (suveshp@wpi.edu) Modified by

More information

BGP in the Internet Best Current Practices

BGP in the Internet Best Current Practices BGP in the Internet Best Current Practices 1 Recommended IOS Releases Which IOS?? 2 Which IOS? IOS is a feature rich and highly complex router control system ISPs should choose the IOS variant which is

More information

BGP scalability Eduardo Grampín Universidad Carlos III de Madrid

BGP scalability Eduardo Grampín Universidad Carlos III de Madrid BGP scalability Eduardo Grampín Universidad Carlos III de Madrid Departamento de Ingeniería Telemática - Universidad Carlos III de Madrid. http://www.it.uc3m.es 1 IAB Workshop on Inter-Domain routing in

More information

COMP211 Chapter 5 Network Layer: The Control Plane

COMP211 Chapter 5 Network Layer: The Control Plane COMP211 Chapter 5 Network Layer: The Control Plane All material copyright 1996-2016 J.F Kurose and K.W. Ross, All Rights Reserved Computer Networking: A Top Down Approach 7 th edition Jim Kurose, Keith

More information

APNIC s role in stability and security. Adam Gosling Senior Policy Specialist, APNIC 4th APT Cybersecurity Forum, 3-5 December 2013

APNIC s role in stability and security. Adam Gosling Senior Policy Specialist, APNIC 4th APT Cybersecurity Forum, 3-5 December 2013 APNIC s role in stability and security Adam Gosling Senior Policy Specialist, APNIC 4th APT Cybersecurity Forum, 3-5 December 2013 Overview Introducing APNIC Working with LEAs The APNIC Whois Database

More information

A PKI For IDR Public Key Infrastructure and Number Resource Certification

A PKI For IDR Public Key Infrastructure and Number Resource Certification A PKI For IDR Public Key Infrastructure and Number Resource Certification AUSCERT 2006 Geoff Huston Research Scientist APNIC If You wanted to be Bad on the Internet And you wanted to: Hijack a site Inspect

More information

Towards Localizing Root Causes of BGP Dynamics

Towards Localizing Root Causes of BGP Dynamics Towards Localizing Root Causes of BGP Dynamics Matthew Caesar, Lakshminarayanan Subramanian, Randy H. Katz {mccaesar,lakme,randy}@cs.berkeley.edu Abstract Today, we lack a clear understanding of the dynamics

More information

An Analysis of ARIN NetHandles with OriginAS i Data and Analysis of RIR/IRR Registry Data

An Analysis of ARIN NetHandles with OriginAS i Data and Analysis of RIR/IRR Registry Data Network king Progr ram Trus stworthy An Analysis of ARIN NetHandles with OriginAS i Data and Analysis of RIR/IRR Registry Data O. Kim, K. Sriram, O. Borchert, P. Gleichmann, and D. Montgomery Presentation

More information

BGP Route Propagation between Neighboring Domains

BGP Route Propagation between Neighboring Domains BGP Route Propagation between Neighboring Domains Renata Teixeira 1, Steve Uhlig 2, and Christophe Diot 3 1 Univ. Pierre et Marie Curie, LIP6-CNRS, renata.teixeira@lip6.fr 2 Delft University of Technology

More information

Internet Interconnection Structure

Internet Interconnection Structure Internet Interconnection Structure Basic Concepts (1) Internet Service Provider (ISP) Provider who connects an end user customer with the Internet in one or few geographic regions. National & Regional

More information

IPv4 Address Allocation and Evolution of BGP Routing Tables

IPv4 Address Allocation and Evolution of BGP Routing Tables IPv4 Address Allocation and Evolution of BGP Routing Tables Xiaoqiao Meng, xqmeng@cs.ucla.edu Zhiguo Xu, zhiguo@cs.ucla.edu CJ Wittbrodt, cjw@packetdesign.com Songwu Lu, slu@cs.ucla.edu> Lixia Zhang, lixia@cs.ucla.edu

More information

End-To-End Signaling and Routing for Optical IP Networks

End-To-End Signaling and Routing for Optical IP Networks End-To-End Signaling and Routing for Optical IP Networks Mark Joseph Francisco, Lambros Pezoulas, Changcheng Huang, Ioannis Lambadaris Carleton University Department of Systems and Computer Engineering

More information

Quantifying Internet End-to-End Route Similarity

Quantifying Internet End-to-End Route Similarity Quantifying Internet End-to-End Route Similarity Ningning Hu and Peter Steenkiste Carnegie Mellon University Pittsburgh, PA 523, USA {hnn, prs}@cs.cmu.edu Abstract. Route similarity refers to the similarity

More information

the real-time Internet routing observatory Alessandro Improta

the real-time Internet routing observatory Alessandro Improta the real-time Internet routing observatory Alessandro Improta alessandro.improta@iit.cnr.it Our research focus: the Internet AS-level ecosystem Why is it important? To identify Internet topological properties

More information

The Dark Oracle: Perspective-Aware Unused and Unreachable Address Discovery

The Dark Oracle: Perspective-Aware Unused and Unreachable Address Discovery The Dark Oracle: Perspective-Aware Unused and Unreachable Address Discovery Evan Cooke *, Michael Bailey *, Farnam Jahanian *, Richard Mortier *University of Michigan Microsoft Research - 1 - NSDI 2006

More information

Routing on the Internet. Routing on the Internet. Hierarchical Routing. Computer Networks. Lecture 17: Inter-domain Routing and BGP

Routing on the Internet. Routing on the Internet. Hierarchical Routing. Computer Networks. Lecture 17: Inter-domain Routing and BGP Routing on the Internet Computer Networks Lecture 17: Inter-domain Routing and BGP In the beginning there was the ARPANET: route using GGP (Gateway-to-Gateway Protocol), a distance vector routing protocol

More information

Lab 2 BGP route filtering and advanced features

Lab 2 BGP route filtering and advanced features ISP/IXP Networking Workshop Lab Lab 2 BGP route filtering and advanced features Objective: Using the network concepts of Lab 1, use various configuration methods on BGP peerings to demonstrate neighbour

More information

Advanced Computer Networks

Advanced Computer Networks Advanced Computer Networks External Routing - BGP protocol Prof. Andrzej Duda duda@imag.fr Contents Autonomous systems Interconnection of ASs Path vector routing BGP types of AS protocol structure of BGP

More information

Inter-Domain Routing: BGP II

Inter-Domain Routing: BGP II Inter-Domain Routing: BGP II Mark Handley UCL Computer Science CS 3035/GZ01 BGP Protocol (cont d) BGP doesn t chiefly aim to compute shortest paths (or minimize other metric, as do DV, LS) Chief purpose

More information